[Secure-testing-commits] r21240 - data/CVE

Michael Gilbert mgilbert at alioth.debian.org
Tue Feb 12 02:42:44 UTC 2013 

Author: mgilbert
Date: 2013-02-12 02:42:44 +0000 (Tue, 12 Feb 2013)
New Revision: 21240

Modified:
   data/CVE/list
Log:
isc-dhcp triage

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-11 21:56:46 UTC (rev 21239)
+++ data/CVE/list	2013-02-12 02:42:44 UTC (rev 21240)
@@ -5697,9 +5697,11 @@
 CVE-2012-5689 (ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain ...)
 	- bind9 <unfixed> (bug #699145)
 	[squeeze] - bind9 <not-affected> (Only affects Bind 9.8 and 9.9)
+	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
 CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 ...)
 	- bind9 1:9.8.4.dfsg.P1-1 (bug #695192)
 	[squeeze] - bind9 <not-affected> (Only affects 9.8 and 9.9)
+	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
 CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...)
 	NOT-FOR-US: TP-LINK TL-WR841N router
 CVE-2012-5686
@@ -7077,6 +7079,7 @@
 CVE-2012-5166 (ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before ...)
 	{DSA-2560-1}
 	- bind9 1:9.8.1.dfsg.P1-4.3 (bug #690118)
+	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
 CVE-2012-5165
 	RESERVED
 CVE-2012-5164 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...)
@@ -9728,6 +9731,7 @@
 	{DSA-2547-1}
 	- bind9 1:9.8.4.dfsg-1 (bug #693015)
 	[wheezy] - bind9 1:9.8.1.dfsg.P1-4.4
+	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
 CVE-2012-4243
 	RESERVED
 CVE-2012-4242 (Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin ...)
@@ -10767,6 +10771,7 @@
 CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND 9.9.x ...)
 	NOTE: https://kb.isc.org/article/AA-00730
 	- bind9 <not-affected> (Vulnerable code not present, only affects 9.9.x)
+	- isc-dhcp <not-affected> (embeds bind 9.8.x; this issue only affects 9.9.x)
 CVE-2012-3867 (lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and ...)
 	{DSA-2511-1}
 	- puppet 2.7.18-1
@@ -10889,6 +10894,7 @@
 CVE-2012-3817 (ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before ...)
 	{DSA-2517-1}
 	- bind9 1:9.8.1.dfsg.P1-4.2 (bug #683259)
+	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
 	NOTE: https://kb.isc.org/article/AA-00729
 CVE-2012-XXXX [packagekit insecure temp file]
 	- packagekit 0.7.6-1 (bug #678189)
@@ -16252,8 +16258,7 @@
 CVE-2012-1667 (ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before ...)
 	{DSA-2486-1}
 	- bind9 1:9.8.1.dfsg.P1-4.1
-	- isc-dhcp <unfixed> (bug #698597)
-	[squeeze] - isc-dhcp <not-affected> (isc-dhcp started embedding bind with version 4.2.x and later)
+	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
 CVE-2012-1666 (Untrusted search path vulnerability in VMware Tools in VMware ...)
 	NOT-FOR-US: VMware Tools
 CVE-2012-1665

More information about the Secure-testing-commits mailing list